Computer system, iot device monitoring method, and program

ABSTRACT

A computer system, an IoT device monitoring method, and a program in which a security is improved are provided. A computer system for monitoring a connected IoT device  100  monitors a login state of the IoT device  100 , detects an unauthorized access based on a result of the monitoring, learns any one or both of an ID or a password of the detected unauthorized access, and determines whether any one or both of an ID and a password held in advance by the IoT device  100  are easy to be released.

TECHNICAL FIELD

The present invention relates to a computer system, an IoT devicemonitoring method, and a program that monitor a connected IoT device.

BACKGROUND ART

In recent years, the number of IoT (Internet of Things) devicesconnected to a LAN (Local Area Network) is increasing. A user can log into the IoT device and use various functions of the IoT device, byinputting an ID or a password to a predetermined terminal.

When the user logs in to the IoT device, a problem arises in that theIoT device which the user does not intend to use is used by anunauthorized access of another user.

As a system for preventing such unauthorized access, for example, in acase where action plan information is prepared in advance and locationinformation of a monitoring target device does not match with the actionplan information, it is disclosed that the device is set to a lockedstate so that the unauthorized user cannot use the target device evenafter a password is leaked.

PRIOR ART DOCUMENT Patent Document

Patent Document 1: Japanese Patent Application Publication No.2010-220017

SUMMARY OF THE INVENTION Technical Problem

However, in the configuration of Patent Document 1, it is impossible todetermine whether such a password was easily broken, as a countermeasureafter the leakage of the password of the IoT device.

It is an object of the present invention to provide a computer system,an IoT device monitoring method, and a program in which a security isimproved.

Technical Solution

The present invention provides the following solutions.

The present invention provides a computer system for monitoring aconnected IoT device. The computer system includes a monitoring unitthat monitors a login state of the IoT device, a detecting unit thatdetects an unauthorized access based on a result of the monitoring, alearning unit that learns any one or both of an ID or a password of thedetected unauthorized access, and a determining unit that determineswhether any one or both of an ID and a password held in advance by theIoT device are easy to be released.

According to the present invention, a computer system monitoring aconnected IoT device monitors a login state of the IoT device, detectsan unauthorized access based on a result of the monitoring, learns anyone or both of an ID or a password of the detected unauthorized access,and determines whether any one or both of an ID and a password held inadvance by the IoT device are easy to be released.

The present invention relates to a computer system, but exhibits thesame operations and effects even when being applied to other categoriessuch as an IoT monitoring method, a program, and the like.

Effects of the Invention

According to the present invention, a computer system, an IoT devicemonitoring method, and a program in which a security is improved can beprovided.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram for explaining an overview of an IoT devicemonitoring system 1.

FIG. 2 is a diagram showing a system configuration of an IoT devicemonitoring system 1.

FIG. 3 is a functional block diagram of a computer 10 and an IoT device100.

FIG. 4 is a flowchart showing an IoT device monitoring process executedby a computer 10 and an IoT device 100.

FIG. 5 is a flowchart showing an IoT device monitoring process executedby a computer 10 and an IoT device 100.

FIG. 6 is a flowchart showing an IoT device login process executed by anIoT device 100.

FIG. 7 is a flowchart showing an IoT device login process executed by anIoT device 100.

FIG. 8 is a diagram showing an example of an additional notificationscreen.

FIG. 9 is a diagram showing an example of a first input screen.

FIG. 10 is a diagram showing an example of a second input screen.

DETAILED DESCRIPTION OF THE EMBODIMENTS

Hereinafter, embodiments for carrying out the present invention aredescribed with reference to the drawings. It is to be understood thatthe embodiments are merely examples and the scope of the presentinvention is not limited to the disclosed embodiments.

[Overview of IoT Device Monitoring System 1]

An overview of an embodiment of the present invention is described withreference to FIG. 1. FIG. 1 is a diagram for explaining an overview ofan IoT device monitoring system 1 which is an embodiment of the presentinvention. The IoT device monitoring system 1 includes a computer 10 andIoT devices 100 (a network camera 100 a, a sensor device 100 b, a mobileterminal 100 c, a computer device 100 d, and a drone 100 e), and is acomputer system that monitors the IoT devices 100 connected to thecomputer 10.

In FIG. 1, the number of computer(s) 10 and the number of IoT devices100 may be appropriately changed. In addition, types of the IoT devices100 may be appropriately changed. Further, the computer 10 and the IoTdevices 100 are not limited to existing devices, and may be virtualdevices. Furthermore, each process to be described below may be realizedby any one of the computer 10 and the IoT devices 100 or a combinationof two or more of the computer 10 and the IoT devices 100.

The computer 10 is a computer device that is connected to the IoTdevices 100 so as to perform data communication with the IoT devices100. The computer 10 may be a network device such as a router thatconnects with the IoT devices 100 via a LAN.

The IoT devices 100 are terminal devices that are connected to thecomputer 10 so as to perform data communication with the computer 10.The IoT devices 100 are, for example, a network camera 100 a thatcaptures images such as moving images and still images, a sensor device100 b that acquires spatial data such as sunshine, temperature, and windpower, and environment data such as time data, a mobile terminal 100 cand computer device 100 d that are electric appliances such as a mobilephone, a portable information terminal, a tablet terminal, a personalcomputer, a netbook terminal, a slate terminal, an electronic dictionaryterminal, a portable music player, or the like, a drone 100 e such as anunmanned aerial vehicle, an unmanned mobile unit, or the like, and othergoods.

First, the computer 10 monitors login states of the IoT devices 100(step S01). The login state is a state in which one or both of an ID anda password are released.

The computer 10 detects an unauthorized access based on the result ofmonitoring (step S02). The unauthorized access means a state in which,even though the number of past input errors of the ID or the password iswithin a predetermined number of times (for example, three times), theID or the password has been inputted the predetermined number of timesor more and either the ID or the password is released.

The computer 10 learns both or either of the ID and/or the password ofthe detected unauthorized access (step S03). For example, the computer10 learns combinations of IDs or passwords that are frequently used forthe unauthorized access as a teacher data, and learns combinations ofIDs or passwords that have been illegally accessed this time.

The computer 10 determines whether both or either of an ID and/or anpassword that is stored in advance by an IoT device 100 different fromthe IoT device 100 to which the unauthorized access has been performedat this time is likely to be released (step S04). For example, thecomputer 10 determines that it is easy to be released if an ID or apassword that is the same as or similar to the above-described teacherdata is stored, and otherwise determines that it is difficult to bereleased.

Upon determining that it is easy to be released, the computer 10 setsboth or either of a new ID and/or a new password for this IoT device100, differently from the both or either of the ID and/or the passwordthat is stored in advance by this IoT device 100 (step S05).

The above is the overview of the IoT device monitoring system 1.

[System Configuration of IoT Device Monitoring System 1]

A system configuration of an IoT device monitoring system 1 which is anembodiment of the present invention is described with reference to FIG.2. FIG. 2 is a diagram showing a system configuration of an IoT devicemonitoring system 1 which is an embodiment of the present invention. TheIoT device monitoring system 1 includes a computer 10, IoT devices 100(a network camera 100 a, a sensor device 100 b, a mobile terminal 100 c,a computer device 100 d, and a drone 100 e), and a public line network 5(an Internet network, a third or fourth generation communicationnetwork, etc.), and is a computer system for monitoring the IoT devices100 connected to the computer 10.

The number and types of the devices constituting the IoT devicemonitoring system 1 may be appropriately changed. In addition, the IoTdevice monitoring system 1 may be realized not only by existing devicesbut also by virtual devices. Further, each process to be described latermay be realized by any one or a combination of two or more of devicesconstituting the IoT device monitoring system 1. Furthermore, thecomputer 10 may be a network device such as a router that connects withthe IoT devices 100 via a LAN.

The computer 10 is the above-described computer device having functionsto be described below.

The IoT device 100 is the above-described terminal device havingfunctions to be described below.

[Description of Each Function]

Functions of an IoT device monitoring system 1 which is an embodiment ofthe present invention are described with reference to FIG. 3. FIG. 3 isa functional block diagram of a computer 10 and an IoT device 100.

The computer 10 includes, as a control unit 11, a CPU (CentralProcessing Unit), a RAM (Random Access Memory), a ROM (Read OnlyMemory), and the like. The computer 10 includes, as a communication unit12, a device, for example a WiFi (Wireless Fidelity) compliant deviceconforming to IEEE 802.11 or the like, for enabling communication withother devices. In addition, the computer 10 includes, as a storage unit13, a data storage device such as a hard disk, a semiconductor memory, arecording medium, a memory card, or the like.

In the computer 10, the control unit 11 reads a predetermined program,thereby realizing a device detecting module 20, a monitoring module 21,a learning module 22, a setting module 23, and a notificationtransmitting module 24, in cooperation with the communication unit 12.In addition, in the computer 10, the control unit 11 reads apredetermined program, thereby realizing a determining module 30 and astorage module 31 in cooperation with the storage unit 13.

Like the computer 10, the IoT device 100 includes a CPU, a RAM, a ROM,and the like as a control unit 110, and includes a device that enablescommunication with other devices as a communication unit 120. Further,the IoT device 100 includes, as an input/output unit 140, a display unitfor outputting and displaying data and images controlled by the controlunit 110, an input unit, such as a touch panel, a keyboard, and a mouse,for accepting an input from the user, an imaging unit for capturingimages such as moving images and still images, various devices foracquiring environmental data and executing various processes, and thelike.

In the IoT device 100, the control unit 110 reads a predeterminedprogram, thereby realizing a notification receiving module 150, a datatransmitting/receiving module 151, a determining module 152, and a loginmodule 153, in cooperation with the communication unit 120. In addition,in the IoT device 100, the control unit 110 reads a predeterminedprogram, thereby realizing a display module 160 in cooperation with theinput/output unit 140.

[IoT Device Monitoring Process]

An IoT device monitoring process executed by an IoT device monitoringsystem 1 is described with reference to FIG. 4 and FIG. 5. FIG. 4 andFIG. 5 are flowcharts showing an IoT device monitoring process executedby a computer 10 and an IoT device 100. The process executed by themodules of each device described above is described in conjunction withthe present process.

A device detecting module 20 detects an IoT device 100 connected to thedevice detecting module 20 (step S10). In step S10, the device detectingmodule 20 detects the IoT device 100 that is connected to the devicedetecting module 20 via a LAN or WAN. In the present embodiment, thedevice detecting module 20 detects a network camera 100 a, a sensordevice 100 b, a mobile terminal 100 c, a computer device 100 d, and adrone 100 e as the IoT devices 100.

A monitoring module 21 monitors a login state of the detected IoT device100 (step S11). In step S11, the login state means a state in which bothor any one of an ID and a password of the IoT device 100 are released.The monitoring module 21 monitors whether the IoT device 100 is in thelogin state.

The monitoring module 21 determines whether an unauthorized access hasbeen detected based on the monitoring result (step S12). In step S12,the monitoring module 21 detects the unauthorized access based on a factthat inputs are accepted the number of times exceeding the number ofpast input errors of the ID or the password and both or any one of theID and the password have been released. For example, even though thenumber of past input errors of the ID or the password is within threetimes), the monitoring module 21 detects the unauthorized access in acase where the ID or the password has been, this time, inputted fivetimes exceeding the three times and, as a result, both or any one of theID and the password has been released.

The monitoring module 21 may detect the unauthorized access by any othermethod. For example, the unauthorized access may be detected in a casewhere a login different from the normal login is accepted, such as acase where the login is performed from location information differentfrom location information where the login is normally performed, a casewhere the login is performed at a time zone different from a time zonewhen the login is normally performed, or a case where the login isperformed in a terminal different from a terminal in the login isnormally performed.

In step S12, when the unauthorized access is not detected (NO in stepS12), the monitoring module 21 ends the present process.

On the other hand, in step S12, when the monitoring module 21 detectsthe unauthorized access (YES in step S12), a learning module 22 learnsany one or both of the ID and the password for which the detectedunauthorized access has been performed (step S13). In step S13, thelearning module 22 learns, as teacher data, IDs or passwords that arefrequently used for unauthorized accesses and the ID or the passwordsfor which the unauthorized accesses has been performed this time. The IDor passwords that are frequently used for the unauthorized access arethose at the initial setting (the ID is “admin” and the password is“admin”, the ID is “user” and the password is “user”, etc.), the samethose in the plurality of IoT devices and the like, those with the samecharacter string (“0000”, “1111”, “AAAA”, etc.), those with consecutivealphanumeric characters (“1234”, “5678”, “ABCD”, “abc123”, etc.), thosewithout an uppercase letter, a lowercase letter, an alphanumericcharacter, and a symbol being combined, those generated by pressing keysof a keyboard in order (“qwerty”, “poiuy”, etc.), those with simplenames only (“yamada”, “satou”, etc.), or those with a simple wordregistered in the dictionary (“apple”, “sample”, etc).

The determining module 30 determines whether both or any one of the IDand the password, which are stored in the storage module 31 in advanceby an IoT device 100 different from the IoT device 100 in which theunauthorized access has been detected this time, are easy to be released(Step S14). In step S14, the determining module 30 determines whetherboth or any one of the ID and the password are easy to be released,based on whether the ID or password held by the storage module 31matches with an ID or password that is frequently used for theabove-described unauthorized access, whether a matching rate with suchan ID or password is higher than a predetermined value, whether the IDor password held by the storage module 31 matches with an ID or passwordused for the unauthorized access, and the like.

In step S14, upon determining that it is difficult to be released (NO instep S14), the determining module 30 ends the present process. Inaddition, when determining that it is difficult to be released, thedetermining module 30 may transmit a notification to a terminalpossessed by the user, the mobile terminal 100 c, or the computer device100 d. The terminal, the mobile terminal 100 c, and the computer device100 d may display this notification.

On the other hand, in step S14, when the determining module 30determines that it is easy to be released (YES in step S14), the settingmodule 23 set a new ID or password, which is different from the ID orpassword of the IoT device 100 held by the storage module 31, for thisIoT device 100 (step S15). In step S15, the setting module 23 sets thenew ID or password in addition to the held ID or password. That is, twoIDs or passwords are set to the IoT device 100. At this time, thesetting module 23 sets the ID or password which is difficult to matchwith the IDs or passwords that are frequently used for theabove-described unauthorized access. Further, the setting module 23 setsthe ID or password in consideration of user's convenience. For example,the setting module 23 may insert alphanumeric characters to a part ofthe original ID or password, insert alphanumeric characters at any oneor both of the beginning and the end of the ID or password, or combinethem, thereby setting the ID or password that is difficult to match withthe IDs or passwords frequently used for the unauthorized access. Forexample, when the original ID is “yamada”, the setting module 23 setsthe ID to “01yama02da”. Similarly, when the original password is“tarou”, the setting module 23 sets the password to “ta05r12ou”.

In addition, the ID or password set by the setting module 23 is notlimited to the above-described examples and may be changed asappropriate.

A notification transmitting module 24 transmits a notificationindicating that the new ID or password has been set to the IoT device100 (step S16). In step S16, this notification is transmitted to themobile terminal 100 c or the computer device 100 d that has a displayunit, an input/output unit, or the like as the IoT device 100. Inaddition, the notification transmitting module 24 may transmit thisnotification to a terminal devices or the like possessed by other users.

A notification receiving module 150 receives the notification. A displaymodule 160 displays an additional notification screen based on thisnotification (step S17).

The additional notification screen displayed by the display module 160is described with reference to FIG. 8. FIG. 8 is a diagram showing anexample of the additional notification screen. The display module 160displays an additional content display area 310 and a completion icon320 as the additional notification screen 300. The additional contentdisplay area 310 is an area for displaying a reason for adding an ID orpassword, an ID or password before the addition, and an ID or passwordafter the addition. The display module 160 displays “a new ID orpassword has been added because the ID or password was simple” as thereason for addition. The display module 160 displays, as the reason foraddition, that the addition has been made based on the content that isfrequently used for the unauthorized access described above. The displaymodule 160 displays “old ID: yamada” as the ID before the addition anddisplays “old password: tarou” as the password before the addition. Thedisplay module 160 displays “01yamada02” as the added ID and displays“ta05r12ou” as the added password. The completion icon 320 terminatesthis screen by receiving an input from the user.

The display module 160 determines whether an input for ending thedisplay of the additional notification screen is received (step S18). Instep S18, when determining that the input is not received (NO in stepS18), that is, when determining that the input of the completion icon320 is not received, the display module 160 repeats the present process.

On the other hand, in step S18, when determining that the input isreceived (YES in step S18), that is, when the input of the completionicon 320 is received, the display module 160 ends the present process.

The above is the IoT device monitoring process.

[IoT Device Login Process]

An IoT device login process executed by an IoT device monitoring system1 is described with reference to FIG. 6 and FIG. 7. FIG. 6 and FIG. 7are flowcharts showing an IoT device login process executed by an IoTdevice 100. The process executed by each module described above isdescribed in conjunction with the present process.

A display module 160 determines whether an input of login to an IoTdevice 100 is received (step S20). In step S20, the display module 160receives the input of login to the IoT device 100 by activating adedicated application, a web browser, or the like.

In step S20, when the display module 160 determines that the input isnot received (step S20 NO), the display module 160 ends the presentprocess.

On the other hand, in step S20, when the display module 160 determinesthat the input is received (YES in step S20), the display module 160displays a first input screen (step S21).

The first input screen displayed by the display module 160 is describedwith reference to FIG. 9. FIG. 9 is a diagram showing an example of thefirst input screen. The display module 160 displays an ID input area410, a password input area 420, and a login icon 430, as the first inputscreen 400. The ID input area 410 receives an input from the user and isan area that receives an input of an ID. The password input area 420receives an input from the user and is an area that receives an input ofa password. The ID input area 410 and the password input area 420 maydisplay a virtual keyboard as a trigger upon receiving an input from theuser and receive an input from the user by receiving the input on thevirtual keyboard. Alternatively, the ID input area 410 and the passwordinput area 420 may receive the input from the user by a voice input orthe like. The login icon 430 receives an input from the user, and a datatransmitting/receiving module 151 transmits the inputted ID or passwordto a target IoT device 100 as a login data.

The display module 160 receives the input of the ID or password (stepS22). In step S22, the display module 160 receives the input of theoriginal ID or password. That is, in the present embodiment, “yamada” isinputted as the ID and “tarou” is inputted as the password.

The display module 160 determines whether the input is completed (stepS23). In step S23, the display module 160 performs the determinationbased on whether the input of the login icon 430 is received.

In step S23, when determining that the input is not completed (NO instep S23), that is, when determining that the input of the login icon430 is not received, the display module 160 repeats the present process.

On the other hand, in step S23, when the display module 160 determinesthat the input is completed (YES in step S23), that is, when the displaymodule 160 determines that the input of the login icon 430 is received,the data transmitting/receiving module 151 transmits the received ID orpassword to the target IoT device 100 as the login data (step S24).

The data transmitting/receiving module 151 receives the login data. Thedetermining module 152 determines whether the received login data is acorrect login data (step S25). In step S25, the determining module 152determines whether the ID and password included in the login data arecorrect. When determining that it is not the correct login data (NO instep S25), the determining module 152 counts an input error andtransmits a notification of requesting to input the ID or password againto the IoT device 100. The display module 160 displays this notification(step S26), and repeats the processes from step S21 described above.Furthermore, when the determining module 152 counts the input error apredetermined number of times or more, the IoT device monitoring system1 executes the IoT device monitoring process described above.

On the other hand, in step S25, when the determining module 152determines that it is the correct login data (YES in step S25), thedetermining module 152 transmits a second input screen to the IoT device100, and the display module 160 displays the second input screen (stepS27).

The second input screen displayed by the display module 160 is describedwith reference to FIG. 10. FIG. 10 is a diagram showing an example ofthe second input screen. The display module 160 displays an additionalID input area 510, an additional password input area 520, and a loginicon 530, as the second input screen 500. The additional ID input area510 receives an input from the user and is an area that receives aninput of the ID set in the above-described process of step S15. Further,the additional password input area 520 receives an input from the userand is an area that receives an input of the password set in theabove-described process of step S15. The additional ID input area 510and the additional password input area 520 may display a virtualkeyboard as a trigger upon receiving an input from the user and receivean input from the user by receiving the input on the virtual keyboard.Alternatively, the additional ID input area 510 and the additionalpassword input area 520 may receive the input from the user by a voiceinput or the like. The login icon 530 receives an input from the user,and the data transmitting/receiving module 151 transmits, as a logindata, the additional ID or the additional password that is received asthe input to the target IoT device 100.

The display module 160 receives the input of the additional ID orpassword (step S28). In step S28, the display module 160 receives theinput of the newly set ID or password. That is, in the presentembodiment, “Olyamada 02” is inputted as the additional ID, and“ta05r12ou” is inputted as the additional password.

The display module 160 determines whether the input is completed (stepS29). In step S29, the display module 160 performs the determinationbased on whether the input of the login icon 530 is received.

In step S29, when determining that the input is not completed (NO instep S29), that is, when determining that the input of the login icon530 is not received, the display module 160 repeats the present process.

On the other hand, in step S29, when the display module 160 determinesthat the input is completed (YES in step S29), that is, when the displaymodule 160 determines that the input of the login icon 530 is received,the data transmitting/receiving module 151 transmits the receivedadditional ID or password to the target IoT device 100 as the login data(step S30).

The data transmitting/receiving module 151 receives the login data. Thedetermining module 152 determines whether the received login data is acorrect login data (step S31). In step S31, the determining module 152determines whether the ID and password included in the login data arecorrect. The process of step S31 is the same as the process of step S25described above. In step S31, when determining that it is not thecorrect login data (NO in step S31), the determining module 152 countsan input error and transmits a notification of requesting to input theID or password again to the IoT device 100. The display module 160displays this notification (step S32), and repeats the processes fromstep S27 described above. Furthermore, when the determining module 152counts the input error a predetermined number of times or more, the IoTdevice monitoring system 1 executes the IoT device monitoring processdescribed above.

On the other hand, in step S31, when the determining module 152determines that it is the correct login data (YES in step S31), thelogin module 153 logs in to the IoT device 100 (step S33).

In addition, while it has been described in the above-describedembodiment that the original ID or password is inputted on the firstinput screen and the newly set ID or password is inputted on the secondinput screen, the newly set ID or password may be inputted on the firstinput screen and the original ID or password may be inputted on thesecond input screen. That is, the input for allowing the new ID orpassword to be inputted may be received either before or after the loginscreen of the IoT device 100.

The above is the IoT device login process.

The means and functions described above are realized by reading andexecuting a predetermined program by a computer (including a CPU, aninformation processing device, and various terminals). The program isprovided, for example, in a form (SaaS: software as a service) providedfrom the computer via a network. Further, the program is provided, forexample, in a form recorded in a computer-readable recording medium suchas a flexible disk, a CD (e.g., CD-ROM or the like), a DVD (DVD-ROM,DVD-RAM, or the like), or the like. In this case, the computer reads theprogram from the recording medium and transfers the program to aninternal storage unit or an external storage unit to be stored andexecuted. Furthermore, the program may be recorded in advance in astorage device (recording medium) such as a magnetic disk, an opticaldisk, an optical magnetic disk, or the like and be provided from therecording medium to the computer through a communications line.

While the embodiments of the present invention have been describedabove, the present invention is not limited to the above-describedembodiments. In addition, the effects described in the embodiments ofthe present invention are merely a list of the most preferable effectsproduced by the present invention, and the effects of the presentinvention are limited to those described in the embodiments of thepresent invention.

DESCRIPTION OF REFERENCE NUMBERS

1: IoT device monitoring system, 10: computer, 100: IoT device

What is claimed is:
 1. A computer system for monitoring a connected IoTdevice, comprising: a monitoring unit that monitors a login state of theIoT device; a detecting unit that detects an unauthorized access basedon a result of the monitoring; a learning unit that learns any one orboth of an ID or a password of the detected unauthorized access; and adetermining unit that determines whether any one or both of an ID and apassword held in advance by the IoT device are easy to be released. 2.The information processing apparatus according to claim 1, furthercomprising a setting unit that sets a new password, which is differentfrom the password stored in advance by the IoT device, for the IoTdevice when the determining unit determines that it is easy to bereleased.
 3. The information processing apparatus according to claim 1,wherein the setting unit sets a new ID, which is different from the IDheld in advance by the IoT device, for the IoT device, together withsetting the new password.
 4. The information processing apparatusaccording to claim 2, wherein the setting unit, upon setting the newpassword, receives an input for allowing the new password to be inputtedeither before or after a login screen of the IoT device.
 5. An IoTdevice monitoring method for monitoring a connected IoT device,comprising: monitoring a login state of the IoT device; detecting anunauthorized access based on a result of the monitoring; learning anyone or both of an ID or a password of the detected unauthorized access;and determining whether any one or both of an ID and a password held inadvance by the IoT device are easy to be released.
 6. A program forcausing a computer system that monitors a connected IoT device toexecute: monitoring a login state of the IoT device; detecting anunauthorized access based on a result of the monitoring; learning anyone or both of an ID or a password of the detected unauthorized access;and determining whether any one or both of an ID and a password held inadvance by the IoT device are easy to be released.